VAR-201602-0182
Vulnerability from variot - Updated: 2025-04-12 23:24The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number. Fisher price Smart Toy Web services for multiple API The call is not properly authenticated. Also, Smart Toy Fragile versions of toys Android OS May have been used. Fisher price Smart Toy Bear Is Wi-Fi With connection function IoT It is a toy. This toy uses the network function to provide further interaction with the child, the user. Inappropriate authentication (CWE-287) - CVE-2015-8269 Fisher price Smart Toy Has registered a user account with a predictable number. Smart Toy An attacker with one account can execute queries and commands against other accounts. An attacker can obtain information about other users, such as name, date of birth, and gender, by issuing a query. It is also possible to edit some information of other users and associate registered toys with other accounts. CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html Rapid7 According to researchers, not all data in the account can be changed or retrieved and the impact is limited. Also, this researcher Smart Toy But Android 4.4 (KitKat) It is supposed to work with. At the moment, Smart Toy Latest for product Android It is unknown whether security patches have been applied. For more information, Rapid7 See the security advisory for. Rapid7 Security Advisory for https://community.rapid7.com/community/infosec/blog/2016/02/02/security-vulnerabilities-within-fisher-price-smart-toy-hereo-gps-platform Fisher price Smart Toy I will provide a Mattel, Inc. Says: "We recently learned of a security vulnerability with our Fisher-Price WiFi-connected Smart Toy Bear. We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorized person. Mattel and Fisher-Price take the safety of our consumers and their personal data very seriously, which is why we act quickly to resolve potential vulnerabilities like this. We have recently been using Fisher Price Wi-Fi Connection Smart Toy Bear I learned about security vulnerabilities. This issue has already been fixed and no unauthorized access to customer information has been confirmed. Mattel At FisherPrice, we believe that the security of customers and their personal information is extremely important, and we will work to quickly resolve such vulnerabilities. "A remote attacker may obtain or change the personal information of the child or parent associated with the product. There is also the possibility of getting a toy. Fisher-Price Smart Toy is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions like modifying private information or take ownership of the toy
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0182",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart toy bear",
"scope": "eq",
"trust": 1.0,
"vendor": "fisher price",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mattel",
"version": null
},
{
"model": "fisher price smart toy web services",
"scope": null,
"trust": 0.8,
"vendor": "mattel",
"version": null
},
{
"model": "fisher-price smart toy bear",
"scope": null,
"trust": 0.6,
"vendor": "mattel",
"version": null
},
{
"model": "smart toy bear",
"scope": null,
"trust": 0.6,
"vendor": "fisher price",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#719736"
},
{
"db": "CNVD",
"id": "CNVD-2016-00991"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001344"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-131"
},
{
"db": "NVD",
"id": "CVE-2015-8269"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:fisher-price:smart_toy_bear",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001344"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rapid7",
"sources": [
{
"db": "BID",
"id": "82404"
}
],
"trust": 0.3
},
"cve": "CVE-2015-8269",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2015-8269",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 6.5,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 4.4,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 8.0,
"id": "CVE-2015-8269",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"severity": "MEDIUM",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2016-00991",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2015-8269",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-8269",
"trust": 1.6,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2015-8269",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-00991",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-131",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-8269",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#719736"
},
{
"db": "CNVD",
"id": "CNVD-2016-00991"
},
{
"db": "VULMON",
"id": "CVE-2015-8269"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001344"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-131"
},
{
"db": "NVD",
"id": "CVE-2015-8269"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network\u0027s coverage area and entering an account number. Fisher price Smart Toy Web services for multiple API The call is not properly authenticated. Also, Smart Toy Fragile versions of toys Android OS May have been used. Fisher price Smart Toy Bear Is Wi-Fi With connection function IoT It is a toy. This toy uses the network function to provide further interaction with the child, the user. Inappropriate authentication (CWE-287) - CVE-2015-8269 Fisher price Smart Toy Has registered a user account with a predictable number. Smart Toy An attacker with one account can execute queries and commands against other accounts. An attacker can obtain information about other users, such as name, date of birth, and gender, by issuing a query. It is also possible to edit some information of other users and associate registered toys with other accounts. CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html Rapid7 According to researchers, not all data in the account can be changed or retrieved and the impact is limited. Also, this researcher Smart Toy But Android 4.4 (KitKat) It is supposed to work with. At the moment, Smart Toy Latest for product Android It is unknown whether security patches have been applied. For more information, Rapid7 See the security advisory for. Rapid7 Security Advisory for https://community.rapid7.com/community/infosec/blog/2016/02/02/security-vulnerabilities-within-fisher-price-smart-toy-hereo-gps-platform Fisher price Smart Toy I will provide a Mattel, Inc. Says: \"We recently learned of a security vulnerability with our Fisher-Price WiFi-connected Smart Toy Bear. We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorized person. Mattel and Fisher-Price take the safety of our consumers and their personal data very seriously, which is why we act quickly to resolve potential vulnerabilities like this. We have recently been using Fisher Price Wi-Fi Connection Smart Toy Bear I learned about security vulnerabilities. This issue has already been fixed and no unauthorized access to customer information has been confirmed. Mattel At FisherPrice, we believe that the security of customers and their personal information is extremely important, and we will work to quickly resolve such vulnerabilities. \"A remote attacker may obtain or change the personal information of the child or parent associated with the product. There is also the possibility of getting a toy. Fisher-Price Smart Toy is prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions like modifying private information or take ownership of the toy",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8269"
},
{
"db": "CERT/CC",
"id": "VU#719736"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001344"
},
{
"db": "CNVD",
"id": "CNVD-2016-00991"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-131"
},
{
"db": "BID",
"id": "82404"
},
{
"db": "VULMON",
"id": "CVE-2015-8269"
}
],
"trust": 3.78
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/719736",
"trust": 0.8,
"type": "poc"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#719736"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#719736",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2015-8269",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU99349751",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001344",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-00991",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201602-131",
"trust": 0.6
},
{
"db": "BID",
"id": "82404",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2015-8269",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#719736"
},
{
"db": "CNVD",
"id": "CNVD-2016-00991"
},
{
"db": "VULMON",
"id": "CVE-2015-8269"
},
{
"db": "BID",
"id": "82404"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001344"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-131"
},
{
"db": "NVD",
"id": "CVE-2015-8269"
}
]
},
"id": "VAR-201602-0182",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00991"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00991"
}
]
},
"last_update_date": "2025-04-12T23:24:31.457000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Smart Toy Bear",
"trust": 0.8,
"url": "http://www.fisher-price.com/shop/smart-toys--174%3B/smart-toy-bear-dnv31"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.fisher-price.com/ja_JP/index.html"
},
{
"title": "MattelFisher-PriceSmartToyBearAPI Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/71369"
},
{
"title": "Mattel Fisher-Price Smart Toy Bear Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60081"
},
{
"title": "IoT-PenTesting-Research-",
"trust": 0.1,
"url": "https://github.com/RedaMastouri/IoT-PenTesting-Research- "
},
{
"title": "IOt-Hack",
"trust": 0.1,
"url": "https://github.com/mrnamp/IOt-Hack "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/MdTauheedAlam/IOT-Hacks "
},
{
"title": "IOTHacks",
"trust": 0.1,
"url": "https://github.com/AliyaValieva/IOTHacks "
},
{
"title": "awesome-iot-hacks",
"trust": 0.1,
"url": "https://github.com/nebgnahz/awesome-iot-hacks "
},
{
"title": "Awesome-Hardware-and-IoT-Hacking",
"trust": 0.1,
"url": "https://github.com/CyberSecurityUP/Awesome-Hardware-and-IoT-Hacking "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00991"
},
{
"db": "VULMON",
"id": "CVE-2015-8269"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001344"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-131"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001344"
},
{
"db": "NVD",
"id": "CVE-2015-8269"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.2,
"url": "https://community.rapid7.com/community/infosec/blog/2016/02/02/security-vulnerabilities-within-fisher-price-smart-toy-hereo-gps-platform"
},
{
"trust": 2.9,
"url": "https://www.kb.cert.org/vuls/id/719736"
},
{
"trust": 2.5,
"url": "https://www.kb.cert.org/vuls/id/gwan-a6lppw"
},
{
"trust": 1.1,
"url": "http://www.fisher-price.com/shop/smart-toys--174%3b/smart-toy-bear-dnv31"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8269"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99349751/index.html"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8269"
},
{
"trust": 0.8,
"url": "http://fortune.com/2016/02/02/fisher-price-smart-toy-bear-data-leak/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://github.com/redamastouri/iot-pentesting-research-"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/nebgnahz/awesome-iot-hacks"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#719736"
},
{
"db": "CNVD",
"id": "CNVD-2016-00991"
},
{
"db": "VULMON",
"id": "CVE-2015-8269"
},
{
"db": "BID",
"id": "82404"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001344"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-131"
},
{
"db": "NVD",
"id": "CVE-2015-8269"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#719736"
},
{
"db": "CNVD",
"id": "CNVD-2016-00991"
},
{
"db": "VULMON",
"id": "CVE-2015-8269"
},
{
"db": "BID",
"id": "82404"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001344"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-131"
},
{
"db": "NVD",
"id": "CVE-2015-8269"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-02T00:00:00",
"db": "CERT/CC",
"id": "VU#719736"
},
{
"date": "2016-02-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00991"
},
{
"date": "2016-02-04T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8269"
},
{
"date": "2016-02-02T00:00:00",
"db": "BID",
"id": "82404"
},
{
"date": "2016-02-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001344"
},
{
"date": "2016-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-131"
},
{
"date": "2016-02-04T11:59:00.113000",
"db": "NVD",
"id": "CVE-2015-8269"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-02T00:00:00",
"db": "CERT/CC",
"id": "VU#719736"
},
{
"date": "2016-02-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00991"
},
{
"date": "2016-02-24T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8269"
},
{
"date": "2016-07-05T21:21:00",
"db": "BID",
"id": "82404"
},
{
"date": "2016-02-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001344"
},
{
"date": "2016-02-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-131"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-8269"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-131"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fisher-Price Smart Toy platform allows some unauthenticated web API commands",
"sources": [
{
"db": "CERT/CC",
"id": "VU#719736"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-131"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…